LawFlash

SEC Examinations and Enforcement in the COVID-19 Era

April 21, 2020

Recent announcements from the US Securities and Exchange Commission make it clear that, although it will not be business as usual, the agency will ably navigate the coronavirus (COVID-19) crisis and its work will move forward. However, over the next several months, the SEC and its staff will be confronted with choices about where and how to deploy the Commission’s limited enforcement and examination resources, and those decisions will have a profound effect on regulated entities.

Past market downturns and recent US Securities and Exchange Commission (SEC or Commission) activity provide a window into what the regulatory landscape might look like in the near future. Below we offer our views on the way COVID-19 will affect the Commission’s enforcement and examination efforts.

The SEC Is Prepared to Regulate Remotely

The SEC is better positioned than many other federal agencies to regulate the markets remotely because telework has been a reality at the Commission for the most of the last decade. Indeed, a 2018 Office of Personnel Management report to Congress on telework in the federal government reported that 91% of the Commission’s staff teleworked at least situationally in 2017.[1] After an initial adjustment period for the current environment, we expect the SEC’s staff lawyers and examiners to be as active and engaged, if not more so, as usual.

Remote Work Will Influence the Ways Investigations Are Carried Out

Although SEC staff will be “on duty,” current COVID-19 restrictions will limit many of the tools typically used during investigations. For example, on-the-record testimony and witness interviews will need to be conducted by telephone or video, which we anticipate the staff may perceive as limiting the effectiveness of those methods. We also expect the Commission’s staff to be focused on how understandable delays in gathering documents and information by registrants or other parties may extend investigation timelines.

Where delays could affect the SEC’s ability to obtain relief such as disgorgement or a civil penalty because of the five-year statute of limitations, we anticipate that the Division of Enforcement will seek tolling agreements even in the very early stages of an investigation.

The Current Climate Will Spur Data-Driven Investigations

We expect to see a shift to data-driven investigations in the near term as these investigations lend themselves to remote work. We think that SEC specialized groups within the Division of Enforcement such as the Retail Strategy Task Force—charged with developing data-driven, analytical strategies for identifying practices in the securities markets and generating enforcement matters—will be allocated additional resources in this environment.

The SEC may also leverage resources on mission-driven initiatives such as broad investigations into pricing, compensation, and disclosure that are detectible through data analytics, similar to last year’s share class selection disclosure cases.

Remarks made by SEC Chairman Jay Clayton on this topic in 2019 provide good insight into the ways in which the SEC and its staff have used data analytics in the past (and may do so in the current environment). Among other things, the Chairman Clayton described tools such as the Division of Enforcement’s ATLAS software, which is used to detect insider trading and electronic blue sheet errors, among other issues.[2]

Focus on Insider Trading

Co-Directors of the Division of Enforcement Stephanie Avakian and Steven Peikin have recently emphasized the importance of appropriate handling and use of material nonpublic information. Specifically, their March 23, 2020 statement noted:

[I]n these dynamic circumstances, corporate insiders are regularly learning new material nonpublic information that may hold an even greater value than under normal circumstances. This may particularly be the case if earnings reports or required SEC disclosure filings are delayed due to COVID-19. Given these unique circumstances, a greater number of people may have access to material nonpublic information than in less challenging times. Those with such access – including, for example, directors, officers, employees, and consultants and other outside professionals – should be mindful of their obligations to keep this information confidential and to comply with the prohibitions on illegal securities trading.[3]

Consistent with its longstanding focus on the detection and prosecution of insider trading, we read the statement as a warning that the Division of Enforcement will vigorously pursue actions involving material nonpublic information in the COVID-19 era.

Protection of Main Street Investors

Market downturns invariably lead to the exposure of securities fraud as investors seek to determine the value of investments and often request liquidation. In anticipation of such issues arising in the current market, the co-directors of Enforcement committed to devote “substantial resources” to protecting Main Street investors from fraud or illegal practices.[4]

Guarding the investments and retirement savings of individual investors has been a hallmark of the Clayton Commission and we expect the Division of Enforcement to pursue fraud in this space aggressively in the current environment. In particular, we expect that financial fraud cases, like Ponzi schemes and market manipulations, will be an enforcement priority for the Division.

Another key signal of the Commission’s focus on Main Street is that the implementation of one of the most substantial changes to the SEC’s regulatory regime, Regulation Best Interest and Form CRS, will proceed as planned. Specifically, on April 2, 2020, as outlined in our recent LawFlash, Chairman Clayton informed the financial services industry that the Commission is not delaying the June 30, 2020 compliance date.[5]

That announcement was promptly followed by an April 7 Risk Alert from the Commission’s Office of Compliance Inspections and Examinations (OCIE) providing broker-dealers information about the initial examinations that will focus on compliance with Regulation Best Interest that the OCIE staff intends to conduct after the compliance date.[6]

Issuer Disclosure Will Also Receive Increased Attention

Recognizing the challenges of disclosure in these uncertain times, particularly with regard to forward-looking statements, Chairman Clayton and William Hinman, director of the Division of Corporate Finance, recently sought to reassure issuers by noting that “[g]iven the uncertainty in our current business environment, we would not expect to second guess good faith attempts to provide investors and other market participants appropriately framed forward-looking information.”[7]

Notwithstanding that statement, we anticipate that, in appropriate circumstances, the Division of Enforcement will carefully examine issuer disclosures. The Division of Enforcement’s Financial Reporting and Audit (FRAud) Group, created several years ago, will likely be involved in those efforts.[8] The FRAud Group is tasked with ongoing review of financial statement restatements and revisions and the analysis of performance trends by industry, in part through the use of technology-based tools.

Among other actions, the FRAud Group was involved in the recent Enforcement initiative concerning a series of issuers that the Commission asserted “fail[ed] to maintain internal control over financial reporting (ICFR) for seven to 10 consecutive annual reporting periods.”[9]

Expect an Increase in Tips to the Commission That Will Stretch Resources

Investor anxiety will likely result in a significant increase in tips, complaints, and referrals (TCRs) to the Commission. The SEC’s Fiscal Year 2021 Congressional Budget Justification and Annual Performance Plan and Fiscal Year 2019 Annual Performance Report, released February 10, 2020, disclosed that the Division of Enforcement handled 17,000 TCRs in fiscal year 2019 and predicted 19,000 and 20,000 for fiscal years 2020 and 2021, respectively.[10]

Of course, those estimates were made without considering the significant impact COVID-19 has had—and continues to have—and prior to the recent decline of the securities markets. In this environment, in addition to receiving many TCRs from investors, the Commission may also receive TCRs from more whistleblowers seeking credit for providing helpful information to the SEC, and monetary awards for doing so, than it ordinarily would.

With an overall Division of Enforcement headcount of approximately 1,300, the 2021 budget justification seeks additional enforcement slots, in part, to triage and investigate TCRs. These resource needs will become more acute in the near term if there is a significant increase in TCRs.

Examinations Will Continue From Afar

In its recent Statement on Operations and Exams, OCIE confirmed that it would remain fully operational but would conduct examinations “off-site,”[11] as outlined in our recent LawFlash. OCIE has several tools that it can leverage to do this work effectively and efficiently. For example, the National Exam Analytics Tool (NEAT) allows examiners to collect and analyze large datasets of trading records. Initially focused on investment adviser trading records, NEAT was subsequently expanded to cover broker-dealer trading records and anti-money laundering practices.

In addition, the High-Frequency Analytics Lab “produces reports on SEC registrant and market behavior at relevant time resolutions down to microseconds.”[12] The SEC reportedly uses these reports to “help to identify registrants engaging in potentially unfair market practices, and to shed light on major market events.”[13] We expect that the staff will rely heavily on these and other data-driven tools in the absence of the ability to conduct onsite examinations.

Valuation and Custody Examination Focus

As set forth in its 2020 Examination Priorities, OCIE devotes significant resources to asset verification, including to the existence of assets at custodians and proper valuation of assets.[14] For registered investment advisers and investment companies, the priorities identify the consistency and appropriateness of the methodology used for the valuation of client assets as an area of focus. Even before the 2020 priorities, a November 7, 2019 Risk Alert highlighted OCIE staff observations regarding investment companies failing to follow their policies and procedures requiring fund boards to approve or ratify the fair valuations determined by the valuation committee.[15]

With this forewarning and the implications of the economic climate in the COVID-19 era, we expect the OCIE staff to closely examine asset valuation, with a particular focus on registrants’ valuation policies and procedures.

Cybersecurity Is a Constant Theme

The SEC has focused on cybersecurity issues for several years. OCIE has included information security as a key element in its examination program and published several risk alerts focused on cybersecurity. The latest catalog of this work is found in OCIE’s January 2020 Cybersecurity and Resiliency Observations.[16]

We expect cybersecurity policies and procedures will likely come under increased scrutiny in the current environment, particularly because the SEC’s priorities are similar to those contained in the April 8, 2020 Joint Alert by the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre regarding the exploitation of COVID-19 by Malicious Cyber Actors.[17]

Indeed, many of the concerns in the Joint Alert have been highlighted in previous OCIE risk alerts, including (1) “[>p]hishing, using the subject of coronavirus or COVID-19 as a lure”; (2) “[m]alware distribution, using coronavirus- or COVID-19-themed lures”; and (3) “[a]ttacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.”>[18]

We have yet to see extensive enforcement activity regarding cybersecurity issues at registrants. However, given the OCIE commentary, the creation of the Division of Enforcement’s Cyber Unit, recent market events, and the near-universal move to remote work, we anticipate that cybersecurity will continue to be an examination focus of and possible source of referrals to the Division of Enforcement.

The Commission’s Enforcement Response to COVID-19 Will Not Be Immediately Apparent

Undoubtedly, the SEC, similar to the businesses it regulates, will go through an initial period of adjustment and uncertainty as it grapples with practical considerations regarding the way in which it regulates in this unprecedented environment. Although the SEC has the ability to act on an emergency basis to freeze assets, as it recently did in a case filed by the Commission’s Fort Worth Regional Office to halt an alleged offering fraud,[19] and to suspend trading in a security, as it has already done on a number of occasions in connection with COVID-19,[20] most enforcement actions arising from the pandemic will be brought well after it has passed, as enforcement investigations typically take a year or more to complete. Therefore, we urge registrants to resist the temptation to look at each filed enforcement action as an indication of the SEC’s COVID-19 response. 

Coronavirus COVID-19 Task Force

For our clients, we have formed a multidisciplinary Coronavirus COVID-19 Task Force to help guide you through the broad scope of legal issues brought on by this public health challenge. We also have launched a resource page to help keep you on top of developments as they unfold. If you would like to receive a daily digest of all new updates to the page, please subscribe now to receive our COVID-19 alerts.

Contacts

If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:

Boston
David C. Boch
Timothy P. Burke
Thomas J. Hennessey
Jason S. Pinney
T. Peter R. Pound

Chicago
Michael M. Philipp 

New York
Ariel Gursky
Ben A. Indek

Philadelphia
G. Jeffrey Boujoukos
Christine M. Lombardo

San Francisco
Joseph E. Floren
Susan D. Resley

Washington, DC
Ivan P. Harris
Amy Natterson Kroll
Ignacio A. Sandoval
Steve W. Stone



[1] US Office of Pers. Mgmt., Status of Telework in the Federal Government 89, 94, 142 (2019).

[2] Jay Clayton, Chairman, US Sec. & Exch. Comm’n, Keynote Remarks at the Mid-Atlantic Regional Conference (June 4, 2019).

[3] Stephanie Avakian & Steven Peikin, Co-Dirs., Div. of Enf’t, US Sec. & Exch. Comm’n, Statement Regarding Market Integrity (Mar. 23, 2020).

[4] Id.

[5] Jay Clayton, Chairman, US Sec. & Exch. Comm’n, Public Statement: Investors Remain Front of Mind at the SEC (Apr. 2, 2020).

[6] Office of Compliance Inspections & Examinations, US Sec. & Exch. Comm’n, Risk Alert: Examinations that Focus on Compliance with Regulation Best Interest (Apr. 7, 2020).

[7] Jay Clayton, Chairman, & William Hinman, Dir., Div. Of Corp. Fin., US Sec. & Exch. Comm’n, Public Statement: The Importance of Disclosure – For Investors, Markets and Our Fight Against COVID-19 (Apr. 8, 2020).

[8] See Spotlight on Financial Reporting and Audit (FRAud) Group, US Sec. & Exch. Comm’n (Feb. 11, 2019).

[9] Press Release, US Sec. & Exch. Comm’n, SEC Charges Four Public Companies With Longstanding ICFR Failures (Jan. 29, 2019).

[11] Office of Compliance Inspections & Examinations, OCIE Statement on Operations and Exams – Health, Safety, Investor Protection and Continued Operations are our Priorities, US Sec. & Exch. Comm’n (Mar. 23, 2020).

[12] Clayton, supra note 2.

[13] Id.

[14] Office of Compliance Inspections & Examinations, US Sec. & Exch. Comm’n, 2020 Examination Priorities 2 (2020).

[16] Office of Compliance Inspections & Examinations, US Sec. & Exch. Comm’n, Cybersecurity and Resiliency Observations (2020).

[17] Cybersecurity & Infrastructure Sec. Agency, US Dep’t of Homeland Sec. & UK Nat’l Cyber Sec. Ctr., Alert: COVID-19 Exploited by Malicious Cyber Actors (Apr. 8, 2020).

[18] Id.

[19] Press Release, US Sec. & Exch. Comm’n, SEC Emergency Action Stops Digital Asset Scam (Mar. 20, 2020).

[20] See SEC Coronavirus (COVID-19) Response, US Sec. & Exch. Comm’n (Apr. 17, 2020).